authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-16 03:28:21 -0400
committerJames Morris <jmorris@namei.org>2010-08-02 01:34:35 -0400
commitcb917cf517075a357ce43b74e8a5a57f2c69a734 (patch)
tree5d7a5abdf135b566d0e764a4c767c15b317e7998 /security/tomoyo/file.c
parent71c282362d0672235c5205a7db1f3ac3fcf32981 (diff)
TOMOYO: Merge functions.
Embed tomoyo_path_number_perm2() into tomoyo_path_number_perm(). Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/file.c')
-rw-r--r--security/tomoyo/file.c50
1 files changed, 9 insertions, 41 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 67e65c7dde70..de87c45ba9d0 100644
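--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -265,14 +265,6 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r)
  tomoyo_file_pattern(filename), buffer);
 }
 
-static int tomoyo_update_path2_acl(const u8 type, const char *filename1,
- const char *filename2,
- struct tomoyo_domain_info *const domain,
- const bool is_delete);
-static int tomoyo_update_path_acl(const u8 type, const char *filename,
- struct tomoyo_domain_info *const domain,
- const bool is_delete);
-
 /*
  * tomoyo_globally_readable_list is used for holding list of pathnames which
  * are by default allowed to be open()ed for reading by any process.
@@ -1046,37 +1038,6 @@ static int tomoyo_update_path_number_acl(const u8 type, const char *filename,
 }
 
 /**
- * tomoyo_path_number_perm2 - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
- *
- * @r: Pointer to "strct tomoyo_request_info".
- * @filename: Filename to check.
- * @number: Number.
- *
- * Returns 0 on success, negative value otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_path_number_perm2(struct tomoyo_request_info *r,
- const u8 type,
- const struct tomoyo_path_info *filename,
- const unsigned long number)
-{
- int error;
-
- if (!filename)
- return 0;
- r->param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
- r->param.path_number.operation = type;
- r->param.path_number.filename = filename;
- r->param.path_number.number = number;
- do {
- tomoyo_check_acl(r, tomoyo_check_path_number_acl);
- error = tomoyo_audit_path_number_log(r);
- } while (error == TOMOYO_RETRY_REQUEST);
- return error;
-}
-
-/**
  * tomoyo_path_number_perm - Check permission for "create", "mkdir", "mkfifo", "mksock", "ioctl", "chmod", "chown", "chgrp".
  *
  * @type: Type of operation.
@@ -1101,9 +1062,16 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
  goto out;
  if (type == TOMOYO_TYPE_MKDIR)
  tomoyo_add_slash(&buf);
- error = tomoyo_path_number_perm2(&r, type, &buf, number);
- out:
+ r.param_type = TOMOYO_TYPE_PATH_NUMBER_ACL;
+ r.param.path_number.operation = type;
+ r.param.path_number.filename = &buf;
+ r.param.path_number.number = number;
+ do {
+ tomoyo_check_acl(&r, tomoyo_check_path_number_acl);
+ error = tomoyo_audit_path_number_log(&r);
+ } while (error == TOMOYO_RETRY_REQUEST);
  kfree(buf.name);
+ out:
  tomoyo_read_unlock(idx);
  if (r.mode != TOMOYO_CONFIG_ENFORCING)
  error = 0;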
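Review bot: Moving `out:` below `kfree(buf.name)` in the last hunk means any path that jumps to `out` no longer frees `buf.name`, a behavioural change the "Merge functions" description does not mention. The `goto out` at the top of the hunk has its condition outside the hunk; if it is taken only when the pathname could not be obtained, nothing leaks, but that should be stated at the label, e.g. `/* buf.name is not allocated on any path that jumps here directly */`. Since `kfree(NULL)` is a no-op, keeping `out:` above `kfree(buf.name);` as before would keep the cleanup safe if a later jump is added after the allocation, which matters in a hook that runs on every create/mkdir/ioctl/chmod request. tomoyo_path_number_perm() begins and ends outside the hunk, so the initialisation of `buf` and `error` could not be checked here.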